71 Total Results
Displaying 51-60 of 71
Attacker Value
Unknown
CVE-2018-3818
Disclosure Date: March 30, 2018 (last updated November 26, 2024)
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Attacker Value
Unknown
CVE-2018-3820
Disclosure Date: March 30, 2018 (last updated November 26, 2024)
Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Attacker Value
Unknown
CVE-2018-3821
Disclosure Date: March 30, 2018 (last updated November 26, 2024)
Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Attacker Value
Unknown
CVE-2018-3819
Disclosure Date: March 30, 2018 (last updated November 26, 2024)
The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.
Attacker Value
Unknown
CVE-2017-11482
Disclosure Date: December 08, 2017 (last updated November 26, 2024)
The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.
Attacker Value
Unknown
CVE-2017-11481
Disclosure Date: December 08, 2017 (last updated November 26, 2024)
Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Attacker Value
Unknown
CVE-2017-11479
Disclosure Date: September 29, 2017 (last updated November 26, 2024)
Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Attacker Value
Unknown
CVE-2017-8443
Disclosure Date: June 30, 2017 (last updated November 26, 2024)
In Kibana X-Pack security versions prior to 5.4.3, if a Kibana user opens a crafted Kibana URL, the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged in the Kibana access logs.
Attacker Value
Unknown
CVE-2016-1000219
Disclosure Date: June 16, 2017 (last updated November 26, 2024)
In Kibana before 4.5.4 and 4.1.11, when a custom output is configured for logging, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.
Attacker Value
Unknown
CVE-2015-9056
Disclosure Date: June 16, 2017 (last updated November 26, 2024)
Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to an XSS attack.